0x25/useful
GitHub: 0x25/useful
一份涵盖渗透测试全生命周期工具的分类索引笔记,帮助安全从业者按场景快速查找和使用各类安全工具。
Stars: 67 | Forks: 13
```
____ ___ _____ .__
| | \______ _____/ ____\_ __| |
______ ______ | | / ___// __ \ __\ | \ | ______ ______
/_____/ /_____/ | | /\___ \\ ___/| | | | / |__ /_____/ /_____/
|______//____ >\___ >__| |____/|____/
\/ \/
```
如果链接失效请提交 issue,谢谢
如果你喜欢我的分享,可以给我一些 XMR { 4Ahnr36hZQsJ3P6jowXvs7cLkSVbkq2KyfQBVURYVftcj9tDoA592wT1jskroZEk2QDEZFPYMLqVvJWZHecFwQ9nL15SzRG }
## 检测
yara;network;https://github.com/plusvic/yara
haka;network;http://www.haka-security.org/
## 识别
netdiscover;网络发现;http://www.tuto-linux.com/tutoriel/netdiscover-scan-furtif-dun-reseau-avec-arp/
nmap;网络扫描器;https://nmap.org/download.html
recog;发现;https://github.com/rapid7/recog
vulscan;nmap 脚本;https://github.com/scipag/vulscan
synscan;网络扫描器;https://packetstormsecurity.com/files/download/62221/synscan-5.0.tar.gz
webappalyzer;CMS 识别;https://wappalyzer.com/
builtwith;CMS 识别;http://builtwith.com/
nikto;web;https://github.com/sullo/nikto
dirbuster;web;https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
fibratus;Windows 内核;https://github.com/rabbitstack/fibratus
wafw00f;web;https://github.com/EnableSecurity/wafw00f
skipfish;web;https://code.google.com/archive/p/skipfish/
lastaudit;Windows;https://lastaudit.wordpress.com/download/
subbrute;DNS;https://github.com/TheRook/subbrute
ctfr;DNS;https://github.com/UnaPibaGeek/ctfr
Dumb;DNS;https://github.com/giovanifss/Dumb
BTA;活动目录;https://bitbucket.org/iwseclabs/bta
portquiz;网络;http://portquiz.net/
massdns;DNS;https://github.com/blechschmidt/massdns
domained;DNS;https://github.com/nilvalues/domained
assetfinder;域名;https://github.com/tomnomnom/assetfinder
dvcs-pillage;git;https://github.com/evilpacket/DVCS-Pillage
dmitry;web;apt-get install dmitry
sslyze;SSL;https://github.com/nabla-c0d3/sslyze
ssltest.sh;SSL;https://github.com/drwetter/testssl.sh/
LHF recon;多用途;https://github.com/blindfuzzy/LHF
pshtt;HTTPS;https://github.com/dhs-ncats/pshtt
fuzzdb;模式列表;https://github.com/fuzzdb-project/fuzzdb
sparta;Linux;http://sparta.secforce.com/
operative;指纹识别;https://github.com/graniet/operative-framework
SIPvicious;SIP;https://github.com/EnableSecurity/sipvicious
sharesniffer;Windows;https://github.com/shirosaidev/sharesniffer
reversewhois;WHOIS;https://viewdns.info/reversewhois
securitytrails;DNS 关键字;https://securitytrails.com/#search
Interlace;Linux 多线程自动化;https://github.com/codingo/Interlace
fuff;web;https://github.com/ffuf/ffuf
amass;OWASP 信息收集;https://github.com/OWASP/Amass
## CVE
cvedetails;;https://www.cvedetails.com/
opencve;;https://www.opencve.io/
mitre;;https://cve.mitre.org/
## 漏洞研究
nmap;端口扫描器;https://nmap.org/
ngrep;被动扫描;https://linux.die.net/man/8/ngrep
burp;web;http://portswigger.net/
caido;web;https://caido.io/fr
Burp-Non-HTTP-Extension;web burp 插件;https://github.com/summitt/Burp-Non-HTTP-Extension
zap;web;https://github.com/zaproxy/zaproxy/wiki/Downloads
jsql-injection;SQLi;https://github.com/ron190/jsql-injection
havij,sqli;http://itsecteam.com/
nessus;服务器;http://www.tenable.com/products/nessus/select-your-operating-system
metasploit;渗透测试框架;http://www.rapid7.com/products/metasploit/
sniper;渗透测试;https://github.com/1N3/Sn1per
BeEF;web;https://github.com/beefproject/beef
aircrack;Wi-Fi;http://www.aircrack-ng.org/
airsnort;Wi-Fi;http://sourceforge.net/projects/airsnort/
webscarab;web Fuzzer;https://github.com/OWASP/OWASP-WebScarab
jBroFuzz;web Fuzzer;https://sourceforge.net/projects/jbrofuzz/
wsfuzzer;SOAP Fuzzer;https://sourceforge.net/projects/wsfuzzer/files/
zuff;Fuzzer;https://github.com/samhocevar/zzuf/releases
sulley;Fuzzer 框架;https://github.com/OpenRCE/sulley
protofuzz;协议 Fuzzer;https://sourceforge.net/projects/protofuzz/
comraider;ActiveX Fuzzer;https://github.com/dzzie/COMRaider
malybuzz;网络 Fuzzer;http://eternal-todo.com/tools/malybuzz-network-fuzzer
peach;Fuzzer;http://www.peachfuzzer.com/resources/peachcommunity/
radamsa;Fuzzer;https://github.com/aoh/radamsa
xsshunter;web XSS;https://github.com/mandatoryprogrammer/xsshunter
xsspy;web;https://github.com/faizann24/XssPy/
kerberom;Windows;https://github.com/Fist0urs/kerberom
BruteXSS;XSS;https://github.com/shawarkhanethicalhacker/BruteXSS
otori;XXE;http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html#Downloads
apktool;APK;http://ibotpeaches.github.io/Apktool/
fiddler;web;https://www.telerik.com/download/fiddler
mimikittenz;Windows;https://github.com/putterpanda/mimikittenz
choronzon;Fuzzer;https://github.com/CENSUS/choronzon
smod;modbus;https://github.com/enddo/smod
vega;web;https://subgraph.com/vega
ridenum;Windows;https://github.com/trustedsec/ridenum
vsaudit;VOIP;https://github.com/sanvil/vsaudit
Responder;Windows;https://github.com/lgandx/Responder
PowerSploit;Windows;https://github.com/PowerShellMafia/PowerSploit
LLMNR;PowerShell;https://github.com/nbs-system/php-malware-finder
coerce;Windows;https://github.com/p0dalirius/Coercer
mimipenguin;Linux;https://github.com/huntergregal/mimipenguin
getsploit;getsploit;https://github.com/vulnersCom/getsploit
winpayloads;Windows payloads;https://github.com/nccgroup/winpayloads
CrackMapExec;网络扫描/AD;https://github.com/byt3bl33d3r/CrackMapExec
netexec;扫描/攻破 AD;https://github.com/Pennyw0rth/NetExec
PsMapExec,PowerShell 攻破 AD;https://github.com/The-Viper-One/PsMapExec
mitm6;mitm ipv6 wpad;https://github.com/fox-it/mitm6
GyoiThon;web msf;https://github.com/gyoisamurai/GyoiThon
badKarma;GUI;https://github.com/r3vn/badKarma
PowerLine;https://github.com/fullmetalcache/PowerLine
ysoserial;JAVA 序列化对象;https://github.com/frohoff/ysoserial
evil-ssdp;UPNP;https://gitlab.com/initstring/evil-ssdp
eavesarp;Python ARP;https://github.com/arch4ngel/eavesarp
AD;文档;https://github.com/infosecn1nja/AD-Attack-Defense/
baboossh;用于 SSH 的 cme;https://github.com/cybiere/baboossh
Blacklist3r;ASP.NET;https://github.com/NotSoSecure/Blacklist3r/releases/tag/3.0
xinPEAS;Windows;https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
fakedns;DNS;https://github.com/Crypt0s/FakeDns
evil-winrm;Windows;https://github.com/Hackplayers/evil-winrm
WinPwn;PS;https://github.com/S3cur3Th1sSh1t/WinPwn
nuclei;web;https://github.com/projectdiscovery/nuclei
## API
autosawgger;web;https://github.com/intruder-io/autoswagger
## exploit
jexboss;jboss;https://github.com/joaomatosf/jexboss
gtfobins;Linux;https://gtfobins.github.io/
wadcoms;;https://wadcoms.github.io/#+No%20Creds
## PowerShell
MailSniper;PS;https://github.com/dafthack/MailSniper
## 混淆
pyobfuscator;Python;https://github.com/nlog2n/pyobfuscator
## 内网穿透/枢纽
ssf;跨平台;https://securesocketfunneling.github.io/ssf/
## SQLi
mssql-cli;MSSQL 客户端命令行;https://docs.microsoft.com/fr-fr/sql/tools/mssql-cli?view=sql-server-2017
sqlmap;SQLi;http://sqlmap.org/
## 审计
nipper;防火墙;www.titania.com
lynis;Linux;https://cisofy.com/lynis/
Nix auditor;Redhat;https://github.com/XalfiE/Nix-Auditor
scan-build;C;http://clang-analyzer.llvm.org/scan-build.html
debsecan;Debian;http://www.enyo.de/fw/software/debsecan/
lunar;Linux;https://github.com/lateralblast/lunar
dockerscan;Linux;https://github.com/cr0hn/dockerscan
pingcastle;AD;https://www.pingcastle.com/
ADRecon;AD;https://github.com/sense-of-security/ADRecon
jomscan;Joomla;https://github.com/rezasp/joomscan
linEnum;Linux;https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
PEAS;Linux/Windows;https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
HardeningKitty;Windows;https://github.com/scipag/HardeningKitty
## 代码审计
sonarqube;;https://www.sonarqube.org/
exakat;PHP;https://www.exakat.io/
SCARY;PHP;https://github.com/ewilded/SCARY
## 密码学
keylength;;密钥长度;https://www.keylength.com
factorize;;http://factordb.com/
## 破解/暴力破解
hashcat;哈希;http://hashcat.net/hashcat/
john;哈希;http://www.openwall.com/john/
Durvasav-BfPC;哈希;https://github.com/vishnumaiea/Durvasav-BfPC
princeprocessor;算法;https://github.com/hashcat/princeprocessor
hashview;hashcat 分布式 GUI;http://www.hashview.io/
mdxfind;多哈希, CPU;https://www.techsolvency.com/pub/bin/mdxfind/
bitlocker;Linux;https://github.com/e-ago/bitcracker
## 恶意软件
luckystrike;XLSX;https://github.com/Shellntel/luckystrike
dasmalwerk;恶意软件下载;http://dasmalwerk.eu/
malware-traffic-analysis;数据库与分析;http://www.malware-traffic-analysis.net
joesandox;沙箱;https://www.joesandbox.com/
## IDS/IPS
## 域名拼写抢注 ; 域名排列组合
urlcrazy;DNS 域名拼写抢注;https://tools.kali.org/information-gathering/urlcrazy
dnstwist;DNS 域名抢注;https://github.com/elceef/dnstwist
## 打印机
cred;LDAP;https://www.ceos3c.com/hacking/obtaining-domain-credentials-printer-netcat/
## 防火墙
fireaway;NGFW 绕过;https://github.com/tcstool/fireaway
## 蜜罐
honeycomb;蜜罐;https://github.com/Cymmetria/honeycomb
## 逆向
gdbEnhanced;Linux;https://gef.readthedocs.io/en/master/
gdb;Linux;http://www.gnu.org/software/gdb/download/
gdb.init;Linux;https://gist.github.com/CocoaBeans/1879270
gdb UI;Linux;https://github.com/cs01/gdbgui/
peda;gdb;https://github.com/longld/peda
ida;Windows/Linux;https://www.hex-rays.com/products/ida/support/download.shtml
radar;Windows/Linux;http://radare.org/r/down.html
objdump;Linux;
ollydbg;Windows;http://www.ollydbg.de/
binwalk;固件;http://binwalk.org/
peid;Windows;https://www.aldeid.com/wiki/PEiD
dnSpy;.NET;https://github.com/0xd4d/dnSpy
veles;二进制文件;https://codisec.com/veles/
scdbg;shellcode 分析;http://sandsprite.com/blogs/index.php?uid=7&pid=152
binaryNinja;逆向平台;https://binary.ninja/
## 文件搜索/取证
foremost;Linux;
photorec;Linux;
hachoir-subfile;Linux;apt-get install python-hachoir-subfile
testdisk;;http://www.cgsecurity.org/wiki/TestDisk_FR
RecuperaBit;重建文件;https://github.com/Lazza/RecuperaBit
peepdf;PDF;http://eternal-todo.com/tools/peepdf-pdf-analysis-tool
bucket;;buckets.grayhatwarfare.com
gitminer;git 搜索;https://github.com/UnkL4b/GitMiner
DeepBlueCLI;PS;https://github.com/sans-blue-team/DeepBlueCLI
dfir;Windows;https://dfir-orc.github.io/
## 网络
t50;网络;https://sourceforge.net/projects/t50/
tcpdump;Linux
tshark;Linux/Windows
wireshark;Linux/Windows
netcat/nc;Linux
sniffles;生成器;https://github.com/petabi/sniffles
dnscat2;隧道;https://github.com/iagox86/dnscat2
petabi;PCAP 生成器;http://petabi.com/
netsniff-ng;网络;https://github.com/netsniff-ng/netsniff-ng
Pcapviz;PCAP 图形化;https://github.com/mateuszk87/PcapViz
iftop;Linux 状态;iftop
dns2tcp;隧道;https://tools.kali.org/maintaining-access/dns2tcp
serveo;将本地服务发布到 DNS;https://serveo.net/
tcpproxy;Python;https://github.com/ickerwx/tcpproxy
## 搜索引擎
shodan;搜索引擎;https://www.shodan.io
censys;搜索引擎;https://www.censys.io/
exploitsearch;exploit;http://www.exploitsearch.net/
exploit-db;exploit;https://www.exploit-db.com/
vulnerabilities,vuln;https://www.seebug.org/
## 电子书/杂志
International Journal of Proof-of-Concept or Get The Fuck Out;电子书;https://www.alchemistowl.org/pocorgtfo/
xmco;法语;https://www.xmco.fr/actusecu/
pageout;英语;https://pagedout.institute/
## 隐写术
Matroschka;隐写术;https://github.com/fgrimme/Matroschka
## 撰写渗透测试报告
public-pentesting-reports;报告;https://github.com/juliocesarfort/public-pentesting-reports
cure53;出版物;https://cure53.de/#publications
## Android
apkr;Android;https://github.com/zerjioang/apkr
genymotion;模拟器;https://www.genymotion.com
MobSF;APK 分析;https://github.com/MobSF/Mobile-Security-Framework-MobSF
Cheatsheet;指南, 帮助;https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
anbox;Linux 模拟器;https://anbox.io/
## 学习
metasploit-unleashed;免费培训;https://www.offensive-security.com/metasploit-unleashed
bWapp;web 漏洞;http://www.itsecgames.com/
building-your-own-pentesting-environment;实验室;http://resources.infosecinstitute.com/building-your-own-pentesting-environment/
webgoat;JAVA 漏洞;https://github.com/webgoat
pwnos;漏洞;http://pwnos.com/
pentesterlab;培训;https://www.pentesterlab.com/
WordSteal;Linux;https://github.com/0x090x0/WordSteal
websec;挑战;https://websec.fr
maltran;恶意软件;https://github.com/MalwareReverseBrasil/maltran
natas;挑战;http://overthewire.org/wargames/natas/
hackthebox;挑战;https://www.hackthebox.eu/en
OSCP-Survival-Guide;OSCP;https://github.com/frizb/OSCP-Survival-Guide
Awesome-Hacking-Resources;链接;https://github.com/vitalysim/Awesome-Hacking-Resources
xvna;Node.js;https://github.com/vegabird/xvna
oscp-like;虚拟机;https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms
virtualhackinglabs;非免费虚拟机;www.virtualhackinglabs.com
hackingarticles;writeup;https://www.hackingarticles.in/
try hack me;挑战;https://tryhackme.com/
cryptohack;挑战;https://cryptohack.org/
picoCTF;挑战;https://picoctf.org/
ctf-katana;命令行;https://github.com/JohnHammond/ctf-katana
hacktricks;命令行;https://book.hacktricks.xyz/
## 后门与强化
tinyshell;PHP;https://github.com/lawrenceamer/tinyshell
weevely;PHP 后门;http://tools.kali.org/maintaining-access/weevely
php-reverse-shell;PHP 反弹;http://pentestmonkey.net/tools/web-shells/php-reverse-shell
pupy;RAT;https://github.com/n1nj4sec/pupy
ThunderShell;PS;https://github.com/Mr-Un1k0d3r/ThunderShell
php-web-shell;PHP webshell 列表;https://github.com/JohnTroony/php-webshells
b374k;PHP;https://github.com/b374k/b374k
FFM;Python;https://github.com/JusticeRage/FFM
revshells;;https://www.revshells.com/
## 钓鱼
king-phisher;钓鱼;https://github.com/securestate/king-phisher/releases
gophish;开源平台;https://getgophish.com/
SocialFish;Python;https://github.com/UndeadSec/SocialFish
juda;代理;https://github.com/JonCooperWorks/judas
evil nginx;代理;https://github.com/kgretzky/evilginx2
## 字典
CeWL;基于 URL 的生成器;https://github.com/digininja/CeWL
## Wi-Fi
scapy-fakeap;伪造 AP;https://github.com/rpp0/scapy-fakeap
LANs;中间人攻击;https://github.com/DanMcInerney/LANs.py
MITMf;中间人攻击 ++;https://github.com/byt3bl33d3r/MITMf
Lans;中间人攻击;https://github.com/DanMcInerney/LANs.py
wifi-pumpkins;AP 及更多;https://github.com/P0cL4bs/WiFi-Pumpkin
hostapd;AP;https://doc.ubuntu-fr.org/hostapd
eaphammer;EAP 伪造 AP;https://github.com/s0lst1c3/eaphammer
audit-radius;RADIUS;https://github.com/ANSSI-FR/audit-radius
PMKID 攻击;带外;https://hashcat.net/forum/thread-7717.html
wifite2;自动化;https://github.com/derv82/wifite2
hostbase;Wi-Fi;https://github.com/Koala633/hostbase
## WMI
wmie;资源管理器;https://wmie.codeplex.com/
## 发行版
Converto;升级 VPS;https://github.com/developerkunal/Converto
## 红队
PlugBot-Plug;;https://github.com/redteamsecurity/PlugBot-Plug
exploitpack;exploit kit;https://exploitpack.com
responder;无哈希;https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/
demiguise;HTA 文件下载浏览器;https://github.com/nccgroup/demiguise
ScareCrow;Windows;https://github.com/optiv/ScareCrow
vilain;;https://github.com/t3l3machus/villain
ligolo-ng;DNS 渗透;https://github.com/nicocha30/ligolo-ng
## Web 服务
webservice;*;http://www.ws-attacks.org/Welcome_to_WS-Attacks
## Windows
regshot;注册表快照;https://sourceforge.net/projects/regshot/
luckystrike;XLSX Word;https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
privilege;Windows;http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Active-Directory-Exploitation-Cheat-Sheet;;https://github.com/buftas/Active-Directory-Exploitation-Cheat-Sheet
obfuscatePS;Python;https://github.com/Unknow101/FuckThatPacker
AD cheat sheet;;https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
lolbin;Windows;https://lolbas-project.github.io/
pypykatz;Python;https://github.com/skelsec/pypykatz
hakatomb;Python;https://github.com/Processus-Thief/HEKATOMB
ADPeas;PSH;https://github.com/61106960/adPEAS
MITM DHCPV6;;https://github.com/RedTeamPentesting/pretender
## 数据库泄露
databases;数据库;https://www.databases.today/search.php
weakpass;密码;http://weakpass.com/
hashes;hash:pass;https://hashes.org/leaks.php
## 蜜罐/信标
canary;token;https://canarytokens.org
opencanary;HTTPS;https://github.com/thinkst/opencanary
## USB
P4wnP1;Windows;https://github.com/mame82/P4wnP1
## Rootkit
Reptile; Linux;https://github.com/f0rb1dd3n/Reptile
## 硬件
espressobin;3 个以太网口;http://espressobin.net
raspberry;迷你 PC;https://www.raspberrypi.org/
## IOT
baudrate;UART/COM;https://github.com/devttys0/baudrate
## Docker
docker-explorer;Linux;https://github.com/google/docker-explorer
deepce;Docker;https://github.com/stealthcopter/deepce
## 记事本
Huntpad;改进的记事本;http://www.syhunt.com/en/index.php?n=Products.SyhuntHuntpad
## CTF
CTFd;Web 界面;https://github.com/CTFd/CTFd
## 域名拼写抢注
typofinder;;https://github.com/nccgroup/typofinder
## TOR
multitor;Linux;https://github.com/trimstray/multitor
## 播客
nolimitsecu;法语;https://www.nolimitsecu.fr/
comptoirsecu;法语;https://www.comptoirsecu.fr/podcast/
blackhillsinfo;英语;https://www.blackhillsinfosec.com/podcasts/
darknetdiaries;英语;https://darknetdiaries.com/
no-log;法语;https://shows.acast.com/no-log
CYBER;英语;https://open.spotify.com/show/3smcGJaAF6F7sioqFDQjzn?si=d145034375e647e9
hackandspeak;法语;https://anchor.fm/hacknspeak
purplevoice;法语;https://www.radio.fr/podcast/purple-voice
## SNMP
snmp-check;Ruby;http://www.nothink.org/codes/snmpcheck/index.php
## 教程
lesson;英语;https://www.thehacker.recipes/
## 射频
radio;ISO;https://www.sigintos.com/
## 其他
mailgun;邮件;http://www.mailgun.com/
anonymous;操作系统;https://www.whonix.org/
owasp test list;渗透测试;https://www.owasp.org/index.php/Testing_Checklist
nmap (lua) IDE;nmap;http://halcyon-ide.org/
http-screenshot;nmap NSE;https://github.com/SpiderLabs/Nmap-Tools/blob/master/NSE/http-screenshot.nse
penbox;渗透测试框架;https://github.com/x3omdax/PenBox
wireguard;VPN;https://www.wireguard.io/
Serpico;渗透测试报告;https://github.com/SerpicoProject/Serpico
winfsp;Windows;https://github.com/billziss-gh/winfsp
encode;编码;https://encoder.mattiasgeniar.be/index.php
vulnreport;报告;http://vulnreport.io/
metame;代码变异;https://github.com/a0rtega/metame
stemjail; Jail;https://stemjail.github.io/
pwnmalw;恶意软件漏洞;https://www.pwnmalw.re/
screentogif;录制;https://screentogif.codeplex.com/
php-security-pitfalls;测试 Web 漏洞;https://github.com/joostvanveen/php-security-pitfalls
SEI+CERT+Coding+Standards;代码规范;https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards
HTTP-Over-Protocol;隧道;https://github.com/sakshamsharma/HTTP-Over-Protocol
scans.io;数据库;https://scans.io/
agarri; nicolas gregoire;http://www.agarri.fr/en/index.html
Linux_Exploit_Suggester;Linux;https://github.com/PenturaLabs/Linux_Exploit_Suggester
Windows-Exploit-Suggester;Windows;https://github.com/GDSSecurity/Windows-Exploit-Suggester
sandcat;浏览器;http://www.syhunt.com/sandcat/
dracos-linux;渗透测试 OS;http://www.dracos-linux.org/
OWASP;建议;https://github.com/OWASP
Web_Application_Security_Testing_Cheat_Sheet;测试;https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
cryptomator;云端加密;https://cryptomator.org/
awesome-pentest;工具;https://github.com/enaqx/awesome-pentest
g0tmi1k;博客;https://blog.g0tmi1k.com
CyberChef; 编码解码;https://gchq.github.io/CyberChef/
kakoune;文本编辑器;http://kakoune.org/
Parallel Processing Shell Script;Bash;https://github.com/louwrentius/PPSS
cyberprobe;攻击监控;http://cyberprobe.sourceforge.net/
pushed;手机通知;https://pushed.co
freegeoip;freegeoip;https://freegeoip.net
awesome-malware-analysis;工具;https://github.com/rshipp/awesome-malware-analysis
laverna;笔记;https://laverna.cc
Metarouter;网络;https://wiki.mikrotik.com/wiki/Manual:Metarouter
ShadowBuster;漏洞映射;https://github.com/indeedops/ShadowBuster
certbot;免费 SSL 证书;https://certbot.eff.org/
panwdbl;恶意软件 IP 数据库;http://panwdbl.appspot.com/
conemu;Telnet 客户端;https://conemu.github.io/
testconnectivity;邮件头;https://testconnectivity.microsoft.com/
hiddent-tear;勒索软件代码;https://github.com/goliate/hidden-tear
Heap Exploitation;学习;https://heap-exploitation.dhavalkapil.com/
pentest-cheat-sheets;渗透测试速查表;https://github.com/coreb1t/awesome-pentest-cheat-sheets
osquery;审查;https://osquery.io/
postgresql_online_compiler;PostgreSQL;http://rextester.com/l/postgresql_online_compiler;
pumascan;.NET 漏洞分析器;https://www.pumascan.com/
scikit-learn;Python 机器学习;http://scikit-learn.org
cutycapt;Linux 命令行截图;http://cutycapt.sourceforge.net/
php rop gadget;PHP;https://www.ambionics.io/blog/php-generic-gadget-chains
wireguard;VPN;https://www.wireguard.com/
atom;文本编辑器;https://atom.io/docs
pbscan;大规模端口扫描器;https://github.com/gvb84/pbscan
Ironsquirrel;用于浏览器的加密 exploit 投递;https://github.com/MRGEffitas/Ironsquirrel
asciinema;Linux 命令行录制;https://asciinema.org/
ufw;Linux iptables;https://linuxconfig.org/how-to-install-and-use-ufw-firewall-on-linux
phantom;编排;https://www.phantom.us/
goaccess;Web 报告;https://goaccess.io/
pwning win;Windows;https://crowdshield.com/blog.php?name=pwning-windows-domains-from-the-command-line
automate action;Android;http://llamalab.com/automate/
gephi;Graphviz 工具;https://gephi.org/
macro;VBA;https://homputersecurity.com/2017/12/21/comment-pirater-un-systeme-windows-laide-dun-fichier-macro/
git clone;wget;https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
linux cmd;Linux;https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
crt.sh;SSL 证书;https://crt.sh
bashbosster;配置管理;http://www.bashbooster.net/
gopacket;Go 数据包操作;https://github.com/google/gopacket
up;交互式 grep;https://github.com/akavel/up
payload;burp;https://github.com/1N3/IntruderPayloads
owasp-modsecurity-crs;mod security 规则;https://github.com/SpiderLabs/owasp-modsecurity-crs
inspec.io;强化;https://www.inspec.io/
Osquery;文件完整性监控;https://www.howtoforge.com/tutorial/how-to-setup-file-integrity-monitoring-fim-using-osquery-on-linux-server/
GPU;云;https://vast.ai/console/create/
DNSDumpster;DNS;https://dnsdumpster.com/
patrowl;发现;https://www.patrowl.io/
vault;密码管理器;https://www.vaultproject.io/;
wifi;piZero;https://pwnagotchi.ai/
total commander;IDE;https://www.ghisler.com/accueil.htm
jupyter;Python 记事本运行代码;https://jupyter.org/
easy2boot;启动;https://www.easy2boot.com/
scantron;;https://github.com/rackerlabs/scantron
Portsentry;Linux;https://wiki.gentoo.org/wiki/PortSentry
ssh+ssl;Linux;https://ostechnix.com/sslh-share-port-https-ssh/
ssh;;https://github.com/quantumsheep/sshs
标签:AI合规, 域环境安全, 威胁模拟, 逆向工具